Analysis
- max time kernel: 119s
- max time network: 128s
- platform: windows7_x64
- resource: win7-20231020-en
- resource tags: arch:x64, arch:x86, image:win7-20231020-en, locale:en-us, os:windows7-x64, system
- submitted: 18/11/2023, 06:55
Static task: static1
Behavioral task: behavioral1
- Sample: NEAS.c9165c79706fdcfaaa98fee95d4bc5a0.exe
- Resource: win7-20231020-en
Behavioral task: behavioral2
- Sample: NEAS.c9165c79706fdcfaaa98fee95d4bc5a0.exe
- Resource: win10v2004-20231023-en
General
- Target: NEAS.c9165c79706fdcfaaa98fee95d4bc5a0.exe
- Size: 347KB
- MD5: c9165c79706fdcfaaa98fee95d4bc5a0
- SHA1: a5dc9b0d8454093987f9a0f95635ee36cf159a8e
- SHA256: e7aa05286c7456f59cd8b22d797a4555716b1d0a4c3dd1f274b504bdff7124d9
- SHA512: 573df0e19f7594dfac254c982c778bfc5f4a1c8bc12b9a82ed6d81d0d96936e44500f38b7d91f5592eb1ce1c1976966031b062e0a45d7fe2266f9956aab632b7
- SSDEEP: 6144:9/5ybPL6fUZLEZZXgsO/5ybPG3xzu02/5ybPL2:qbPyREsxbPOxzrbPS
Malware Config
Signatures
- Modifies AppInit DLL entries (2 TTPs)
- Executes dropped EXE (1 IoCs)
  pid: 2400, Process: dhuqaed.exe
- Drops file in Program Files directory (2 IoCs)
  File created: C:\PROGRA~3\Mozilla\dhuqaed.exe, Process: NEAS.c9165c79706fdcfaaa98fee95d4bc5a0.exe
  File created: C:\PROGRA~3\Mozilla\fjgblbm.dll, Process: dhuqaed.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  PID 2332 wrote to memory of 2400, pid: 2332, Process: taskeng.exe, procid_target: 29 (same entry recorded 4 times)
Processes
- C:\Users\Admin\AppData\Local\Temp\NEAS.c9165c79706fdcfaaa98fee95d4bc5a0.exe (depth 1)
  Command line: "C:\Users\Admin\AppData\Local\Temp\NEAS.c9165c79706fdcfaaa98fee95d4bc5a0.exe"
  PID: 1896
  - Drops file in Program Files directory
- C:\Windows\system32\taskeng.exe (depth 1)
  Command line: taskeng.exe {73E7963E-8E21-4ACC-9B8E-FDB47968A326} S-1-5-18:NT AUTHORITY\System:Service:
  PID: 2332
  - Suspicious use of WriteProcessMemory
  - C:\PROGRA~3\Mozilla\dhuqaed.exe (depth 2)
    Command line: C:\PROGRA~3\Mozilla\dhuqaed.exe -vpwggce
    PID: 2400
    - Executes dropped EXE
    - Drops file in Program Files directory
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 347KB
  MD5: 79d3681add51599ffddf6fc61d211166
  SHA1: 7c2898c3190f151c53b35c7cc7d1a3a7a6cc9e87
  SHA256: 902ad71a54d0c74978f1a8cad9408bd93bc286bc3eed2125336d188022a45024
  SHA512: 57bf15bed3e04713c1c54e16cdd84de1ff49e4c567d86a8a71860c18dfb81a708bfa30c33b0d534e153e3ddaeaf1ea1c8d3e04b909b1dc2227ab1d74a6dd948b